Vulnerability Details CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
References
- https://grep.blog/directory-traversal-openbravo/
- https://issues.openbravo.com/view.php?id=41413
- https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/
- https://grep.blog/directory-traversal-openbravo/
- https://issues.openbravo.com/view.php?id=41413
- https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/
Products affected by CVE-2019-14362
-
cpe:2.3:a:openbravo:openbravo_erp:3.0